Cisco Support Community
New Member

Analyzing capture file for network troubleshooting

We're experiencing a "slow" network report on one of our field sites.  Using SNMP/MRTG I did confirm that the link is being saturated.

Now I'd like to analyze what might be causing the traffic spike.  Unfortunately my router doesn't support NetFlow.  So I used a span port and captured a few minutes' worth of traffic.  Now that I've got my .cap file, how do I analyze it?  I have Wireshark, which shows me all the packets. But I'd like a summary that tells me:

- Protocol breakdown.  What protocols are using what percentage of the bandwidth.

- Top talkers.  What IPs are using the most bandwidth.

I can't seem to find that in Wireshark.  Any other open-source tools I could use to analyze my capture file?

Thanks

3 REPLIES
New Member

Re: Analyzing capture file for network troubleshooting

Wireshark:

Protocol breakdown: Statistics\Protocol Hierarchy

Top talkers: Statistics\End Points\IPv4 - sort by Bytes column

V

New Member

Re: Analyzing capture file for network troubleshooting

Thanks.  Top Talkers works as I expected, so thanks for that!

But for the protocol breakdown, the report seems a little odd.  It shows me 49.24% of the traffic is data, but then doesn't really break it down beyond that (nothing adds up to the full 100% of TCP).  See attachment.  Thanks!

New Member

Re: Analyzing capture file for network troubleshooting

HELP says that it is taken by protocol overhead....

V
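
The two summaries asked for in this thread (bytes per protocol and top talkers) can also be computed directly from the capture file. The following is an added example, not part of the original posts; it assumes a classic libpcap file with untagged Ethernet/IPv4 frames, and the function names and sample addresses are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IP protocol numbers

def summarize(pcap: bytes):
    """Return (bytes per IP protocol, bytes per endpoint) for a classic pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        order = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        order = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    protos, talkers = Counter(), Counter()
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, caplen, wirelen = struct.unpack(order + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Count on-the-wire length so a short snaplen does not undercount.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            protos["non-IPv4"] += wirelen
            continue
        protos[PROTO_NAMES.get(frame[23], f"proto {frame[23]}")] += wirelen
        # Like an endpoint view, credit both source and destination.
        for addr in (frame[26:30], frame[30:34]):
            talkers[socket.inet_ntoa(addr)] += wirelen
    return protos, talkers

def sample_capture() -> bytes:
    """Constructed capture (three Ethernet/IPv4 frames), not real traffic."""
    def record(src, dst, proto, size):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, size - 14, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = (b"\x00" * 12 + b"\x08\x00" + ip).ljust(size, b"\x00")
        return struct.pack("<IIII", 0, 0, len(frame), size) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record("10.0.0.5", "192.0.2.10", 6, 1500)
            + record("10.0.0.5", "192.0.2.10", 6, 1000)
            + record("10.0.0.9", "10.0.0.1", 17, 100))

if __name__ == "__main__":
    protos, talkers = summarize(sample_capture())
    total = sum(protos.values())
    for name, n in protos.most_common():
        print(f"{name:10} {n:8} bytes  {100 * n / total:5.1f}%")
    for ip, n in talkers.most_common(5):
        print(f"{ip:15} {n:8} bytes")
```

To run it on a real capture, pass the file's bytes to `summarize()`, for example `summarize(open(path, "rb").read())`; 802.1Q-tagged frames are counted under "non-IPv4" by this version.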
